Kelihos Botnet Containment Not Over Yet, States Kaspersky

In the last week of September 2011, Microsoft announced the effective shutdown of the Kelihos botnet, which comprised over 40,000 infected PCs capable of sending 3.8bn spam emails daily. The botnet is no longer under the control of cyber-criminals, but efforts to contain it continue. Arstechnica.com reported this during the first week of October 2011.

Explaining the developments, security researchers state that Kelihos' traffic is currently being diverted to a "sinkhole," which lets specialists monitor the traffic flowing out of infected computers and also stops any further dissemination of scams and malware.

The shutdown of Kelihos was initiated by Kaspersky Lab with Microsoft's help. In the process, it found that 3,000 bot-infected PCs connected to its sinkhole every 60 seconds. Tillmann Werner, security specialist at Kaspersky Lab, explained that his team reverse-engineered the bot, uncovered the botnet's messaging protocol, and then built software to attack its P2P structure. As a result, Kaspersky was able to create a situation in which the bots communicated solely with the company's systems. Werner told arstechnica.com that this technique is referred to as "sinkholing" the bots: the infected PCs exchange messages with a sinkhole rather than with their actual controllers.

In fact, since the sinkholing began on September 26, 2011, the botnet's operation has failed, according to Kaspersky.

Werner also stated that because the bots are now communicating with Kaspersky Lab's systems, the data can be mined to trace infections by country. So far Kaspersky had identified 61,463 infected IP addresses and was working with the relevant service providers to notify the network owners about the infections, he explained. Sys-con.com reported this on September 30, 2011.

Meanwhile, praising Kaspersky's efforts to shut down Kelihos, Richard Boscovich, Senior Attorney for Microsoft's Digital Crimes Unit, stated that Kaspersky had led the takedown operation by giving Microsoft in-depth and unique details drawn from its technical understanding and analysis of Kelihos. As a result, not only was the takedown successful, but it also yielded insights into the structure and analysis of the botnet, he concluded. Sys-con.com reported this.